regexes = {"regex": {"regexesSqlInjection": [{"regex": "select.+(from|limit)", "remarks": "", "score": ""},
{"regex": "(?:(union(.*?)select))", "remarks": "", "score": ""},
{"regex": "group(\\s*)+by(\\s*)", "remarks": "", "score": ""},
{"regex": "order(\\s*)+by(\\s*)", "remarks": "", "score": ""},
{"regex": "waitfor(\\s*)+delay(\\s*)+'\\d", "remarks": "", "score": ""}, {
"regex": "select([\\s\\S]*?)case([\\s\\S]*?)when([\\s\\S]*?)then([\\s\\S]*?)else",
"remarks": "", "score": ""},
{"regex": "convert\\(+(int|char)", "remarks": "", "score": ""},
{"regex": "sleep\\((\\s*)(\\d*)(\\s*)\\)", "remarks": "", "score": ""},
{"regex": "(insert|replace)(\\s*)+into.+values(\\s|)\\(", "remarks": "",
"score": ""},
{"regex": "exec.+(xp_cmdshell|master\\.dbo\\.)", "remarks": "",
"score": ""},
{"regex": "declare.+@.+exec.+@", "remarks": "", "score": ""}],
"regexesSqlInjectionLow": [{"regex": "benchmark\\((.*)\\,(.*)\\) ", "remarks": "", "score": ""},
{"regex": "base64_decode\\(", "remarks": "", "score": ""},
{"regex": "(?:from(\\s*)+information_schema(\\s*))", "remarks": "",
"score": ""},
{"regex": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
这篇博客介绍了如何使用Python处理日志,同时重点讲解了防止SQL注入的正则表达式规则,包括匹配SQL关键字、XSS攻击和目录遍历等潜在威胁。通过示例代码展示了如何对日志中的URL进行过滤,从而识别和阻止可能的攻击行为。
最低0.47元/天 解锁文章
扫一扫
1167
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
